Aave CEO and founder Stani Kulechov says restoring stability and protecting users is the immediate priority after the $292 million exploit tied to KelpDAO triggered stress across the Aave ecosystem.
In an X post on Wednesday, Kulechov said the team is working with partners on multiple recovery paths aimed at returning markets to normal conditions. He added that efforts are focused on outcomes rather than assigning blame.
Partial recovery offers some relief
A key development came from the Arbitrum Security Council, which froze and helped recover roughly $70 million worth of ether linked to the attacker.
Kulechov indicated that this recovery could reduce overall exposure, though discussions are still ongoing around how losses will ultimately be managed.
Exploit leaves Aave with potential bad debt
The incident originated from a cross-chain exploit involving rsETH, a liquid restaking token issued by KelpDAO. Attackers effectively minted unbacked tokens and used them as collateral across lending platforms.
On Aave, this allowed large-scale borrowing of wrapped ether, leaving the protocol exposed to an estimated $177 million to over $200 million in potential bad debt, depending on the final accounting. Because the collateral lacked real backing, liquidation mechanisms failed, leaving borrowed funds stranded.
Liquidity crunch triggers market stress
The immediate aftermath saw heavy withdrawals from Aave, with more than $5 billion in ether exiting the platform in a short span. Total value locked dropped sharply, and several lending pools reached full utilization, limiting withdrawals for users.
The impact extended beyond a single asset. Stablecoin pools also came under pressure as users shifted positions, tightening liquidity across multiple markets.
Containment measures and risk controls
Aave moved quickly to contain the fallout. The protocol froze the rsETH-related markets and restricted further borrowing against the affected collateral across multiple networks.
These steps halted additional exposure but did not resolve existing positions, leaving the protocol to assess how to handle any resulting deficit. Kulechov said the team is continuing to evaluate solutions while coordinating with ecosystem partners.
The exploit has drawn attention to risks tied to cross-chain infrastructure and collateral selection. Aave had previously accepted rsETH as collateral, a decision now under renewed scrutiny. The incident also highlights how vulnerabilities in one protocol can cascade across interconnected platforms, amplifying the impact.
Next steps remain unclear
Aave has not finalized how it will address any confirmed bad debt. Options could include internal safety mechanisms, governance decisions, or external recovery efforts. For now, Kulechov emphasized coordination and transparency, stating that updates will continue as the situation develops.
The incident marks one of the largest DeFi disruptions of 2026, with recovery efforts likely to shape how protocols approach risk, liquidity, and cross-chain exposure going forward.
